Venesky-Brown's client, a public sector organisation in Edinburgh, is currently looking to recruit a Cyber Security Manager for an initial 8 month contract with potential to extend on a rate of £550-£600/day (Inside IR35).

Responsibilities:

- Continuously review IT Security Policies and Processes in line with best practise, providing recommendations for security improvements across all assigned projects
- Support security architect function by defining priorities based upon risk and new emerging threats that have been identified
- Assist the security risk advisor and security architect function with the assessment of compliance against the organisation and Industry security and privacy framework standards producing gap analysis and remediation reports as required.
- Ensure compliance with organisational security commitments to Memorandums of Understanding and Shared Service Agreements with partner organisations
- Assist the security risk advisor and security architect function with risk and threat modelling and assessment
- Support security architect function by contributing to acceptance criteria for security countermeasure delivery and sign off security countermeasures once delivered as operationally ready
- Plan and manage an ongoing schedule of security countermeasure testing
- Support the security risk advisor with security assurance of Cloud tools and technologies utilising organisational and Industry standards
- Manage third party relationships from a security perspective and ensure contractual security requirements are being met
- Ensure Security Issues are raised in accordance with agile methodology and sprint planning
- Manage and represent the security function and staff for all assigned projects
- Lead on Vulnerability Management program at both application and platform level ensuring adherence to the vulnerability management process and policy, and scoping external penetration tests as required
- Maintain a thorough understanding of cloud native technologies and awareness of third-party security technologies to support continuous improvements of security posture of all assigned projects
- Initiates and Lead on investigations into IT security incidents in accordance with corporate policy
- Ensures that the Service feeds into the organisation's security Operations Centre and that threat intelligence is factored into the service's security posture
- Contribute to the security monitoring of the Service and support both the management of localised security event logs and the interoperability between the organisation's Security Operations Centre and the Programme Service Team
- Arrange and execute activities such as penetration testing for all assigned projects.

Essential Skills:

- Recent working experience (last 1-3 years) in delivery of a defined security programme where public facing identity-based authentication and verification services were required, and leading Security Operations teams in the running of such services.
- Demonstrable working experience in designing and delivering: SOC services; Cyber Incident Response functions and Vulnerability Management processes.
- Demonstrable working experience and application of organisational and Industry security standards
- Direct working experience of AWS and Azure native security tools (eg Azure Sentinel, AWS Guard Duty, Microsoft Defender for Cloud, AWS Security Hub, etc). and good awareness of third-party security technologies to support continuous improvements of Cloud service security posture (eg Privileged Access Management, Vulnerability Assessment System).
- Experience of working with and 'securing' software development life cycles (S-SDLC) and supporting Software and Cloud Engineers with security engineering expertise.
- Experience of engaging with, and managing, a wide range of internal and external stakeholders, including senior officials, customers and suppliers. This includes producing concise, clear, well-structured written work and communicating complex matters across a range of audiences.

Desirable Skills:

- AWS and/or Azure professional certification in a security space and professional certification at auditor level in ISO27001.

If you would like to hear more about this opportunity please get in touch.
Posted Date: 19 Apr 2024 Reference: JSV-52913 Employment Business: Venesky-Brown Contact: Gerard Lunday